22nd August 2011, 12:58 PM #1
Exchange server 2003 sending out emails
Hi guys,
Since coming back from holiday I have noticed something sending out mail via our Exchange 2003 SMTP server.
It's managed to send out like 15k emails on a random day!
It's confusing me where it's coming from. I don't think it's an internal machine, as it's been sending out on the weekend and we only have 1 machine on all the time (apart from the servers).
It's not using an internal account but using its own outside address (it's pretending to be banks etc.).
Outside relay is disabled, so it's not that.
Can someone relay if they manage to obtain admin password etc.?
22nd August 2011, 01:10 PM #2
Have a look at this. Preventing Exchange 2000/2003 from Relaying
Think it might help you, you are best to sort this ASAP otherwise other domains (such as yahoo) will blacklist your domain meaning you cannot send email to them!
22nd August 2011, 01:22 PM #3
Had a look at that already. We have GFI MailEssentials which blocks spam, but unsure how this is happening tbh, as I have checked all servers and any desktops that have been on and they all seem OK!
I'm thinking maybe someone is authenticating with a username and password somehow to send the spam.
22nd August 2011, 01:23 PM #4
Is the anonymous access (as mentioned in the website link) switched off?
If yes, it sounds like they are authenticating.
maybe @sukh can help??
22nd August 2011, 01:29 PM #5
'Is the anonymous access (as mentioned in the website link) switched off?'
If I untick this, won't it stop all incoming mail because they can't connect to the SMTP to send mail?
22nd August 2011, 01:34 PM #6
It shouldn't stop all incoming mail (see point 2 above). Personally I would disable it (as per the website link above) and try sending an email from my Gmail account and see if it gets through.
What's a "Relay"?
First let's see what "relaying" is:
1. A user in your domain wants to send e-mail to another user in your domain - This is NOT relaying.
2. An outside user (from the Internet) wants to send e-mail to another user in your domain - This is NOT relaying.
3. A user in your domain wants to send e-mail to an outside user (on the Internet) - This IS relaying.
4. An outside user (from the Internet) wants to send e-mail to an outside user (on the Internet) - This IS relaying.
If you read the article, you can also put relay restrictions if needed.
Last edited by bart21; 22nd August 2011 at 01:35 PM.
Reason: cant spell!! :)
22nd August 2011, 02:18 PM #7
I'm pretty sure if I enable that it's going to disable all incoming mail, as it's not to do with the relay but more to do with the SMTP server and allowing users to send incoming mail without authenticating, if I read that correctly.
I enabled logging the other day on messages and can see that a lot of the mail is coming from an outside source IP.
I have also just enabled SMTP logging, so hopefully when they send out their next lot of messages I should see what user is authenticating. Also enabled account logon audit in GP to see auth requests.
Under relays, allow all PC authentication was enabled. I unchecked this and added all internal ranges only.
Last edited by 2097; 22nd August 2011 at 02:47 PM.
23rd August 2011, 09:37 PM #8
1. By default Exch 2003 won't allow relaying unless a config has been changed.
2. GFI will prevent spam but that doesn't mean it will prevent relaying, only spam coming into your Org.
3. It could be spyware/virus internally on your network.
4. Have you got AV deployed on all your desktops and servers and are they up to date?
5. Can you verify point 4? Do you have centralised reporting for your AV to show update status?
6. When messages are sent, are they sent internally to users or externally?
7. Can you post a message header of one?
8. Check Exch 2003 MT and SMTP logs (if not turned on, turn on now).
9. KB posted by Bart is good, follow that.
10. If you're concerned then describe your mail setup? Exch? Gateways? Firewalls, how messages flow internally and externally.
24th August 2011, 09:21 AM #9
Thanks for the post.
After enabling SMTP logs I've noticed this is an external client.
They are relaying, and are using it to spam outside accounts.
I've enabled some more logging to see what account they are using to authenticate.
It is currently enabled that all Authenticated users can Relay and Submit. I have modified what computers can use relay. I think I might just enable it so only Admins can use the relay service, so this will still allow my applications to send out some emails.
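The log review described in the post above, as an added example that is not from any poster in the thread: it reads an SMTP log in W3C Extended format and counts accepted RCPT commands to non-local domains per external client IP. It assumes the `c-ip`, `cs-method`, `cs-uri-query` and `sc-status` fields are being logged; the internal ranges, the local domain and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumptions, not from the thread: internal ranges and accepted mail domains.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
LOCAL_DOMAINS = {"example.org"}
RCPT_DOMAIN = re.compile(r"<[^<>@\s]*@([^<>\s]+)>")

# Constructed sample lines in W3C Extended layout (documentation IPs/domains).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username s-ip cs-method cs-uri-query sc-status
2011-08-20 03:14:01 203.0.113.50 bank.example 192.168.1.10 MAIL +FROM:<alerts@bank.example> 250
2011-08-20 03:14:02 203.0.113.50 bank.example 192.168.1.10 RCPT +TO:<a@victim.example> 250
2011-08-20 03:14:02 203.0.113.50 bank.example 192.168.1.10 RCPT +TO:<b@victim.example> 250
2011-08-20 09:02:11 198.51.100.7 mx.partner.example 192.168.1.10 RCPT +TO:<staff@example.org> 250
2011-08-20 09:05:40 192.168.1.25 apphost 192.168.1.10 RCPT +TO:<buyer@partner.example> 250
2011-08-20 09:07:13 198.51.100.99 probe.example 192.168.1.10 RCPT +TO:<x@other.example> 550
"""

def parse_w3c(text):
    """Yield one dict per log entry, keyed by the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def is_internal(ip):
    try:
        return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)
    except ValueError:  # missing or unparsable address: treat as external
        return False

def external_relay_counts(text):
    """Count accepted RCPTs to non-local domains, per external client IP."""
    counts = Counter()
    for entry in parse_w3c(text):
        if entry.get("cs-method") != "RCPT" or entry.get("sc-status") != "250":
            continue
        ip = entry.get("c-ip", "")
        match = RCPT_DOMAIN.search(entry.get("cs-uri-query", ""))
        if match and match.group(1).lower() not in LOCAL_DOMAINS and not is_internal(ip):
            counts[ip] += 1
    return counts

def suspects(text, threshold):
    return sorted(ip for ip, n in external_relay_counts(text).items() if n >= threshold)
```

This narrows the search to the client IPs that are relaying; it does not name the account used to authenticate.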
24th August 2011, 10:18 AM #10
25th August 2011, 02:09 PM #11
Found out the authenticating user. test1 was the account name. I think I could guess the password lol!
Disabled the account for now. Think it was set up prior to my arrival.
Thanks everyone for the help.
Managed to catch it out using MSExchange transport logging. No other logs will log it.
25th August 2011, 02:37 PM #12
Glad it's resolved, I would have expected some logging in MT and SMTP.